Age | Commit message (Collapse) | Author | Files | Lines |
|
It shows up all the time in logs while using "logging level all info",
let's move it to debug.
Change-Id: I51274dad5afef16e466921c5d58672427d23fd3b
|
|
Right now it's not a big issue since OSMUX_CID_MAX is 255, so 255+1 is
256 which fits array boundaries correctly (multiple of 8). However, if
for example OSMUC_CID_MAX was modified to be 12, 12+1/8 = 1, so we'd
have an undesired memory access when accessing last 4 CIDs.
Change-Id: I5908ee44404686e68d61f255b7014af39c8f5703
|
|
bsc_msc_lost will close the current fd (without freeing it), so let's
skip possible writes to an already closed fd
bsc_msc_lost will close the current fd (without freeing it), so let's
skip possible writes to an already closed fd..
Change-Id: I55c1a88f6524e897c70abf8ba18f1bb2b1f650aa
|
|
PONG is being sent a as an answer to PING a few lines above in same
function.
Change-Id: I88ca95d46f4ace1da4025d12302422dbfa578354
|
|
Code is already doing stuff with the connection (fd).
Change-Id: Ieeaa0e024b9542d1a22a8e3ab4c3229a6f8a0b49
|
|
Change-Id: Ib36b8937d1210488784ebae6917cb1b4c871c9d4
|
|
osmux_xfrm_input_open_circuit returns 0 on success and -1 on error.
Confusion comes from that function being implemented by calling
osmux_batch_add_circuit which returns NULL on error.
Change-Id: I98700aa1e2fab9784706bfac1a47cc84635172b7
|
|
Back-port from osmo-bsc.git 9862bcb5cdb9ece0acfdfb7c81e00c05fcd33ad3.
ipaccess_drop_oml was being called inside an osmo_fd cb context, were
-EBADF must be returned if the structure holding the osmo_fd is freed.
In the middle of the path (see OS#3495 for path tree) it goes through a
signal dispatch, so it's impossible to make sure we return some value to
the osmo_fd cb. As a result, it is required to defer dropping the OML
Link from current code path and do it through a timer.
Fixes following ASan report:
20180822124927913 <0004> abis_nm.c:787 OC=RADIO-CARRIER(02) INST=(00,00,ff): CHANGE ADMINISTRATIVE STATE NACK CAUSE=Message cannot be performed
20180822124927913 <0004> osmo_bsc_main.c:186 Got CHANGE ADMINISTRATIVE STATE NACK going to drop the OML links.
20180822124927913 <0015> bts_ipaccess_nanobts.c:406 (bts=0) Dropping OML link.
...
=================================================================
==17607==ERROR: AddressSanitizer: heap-use-after-free on address 0x62e000060a68 at pc 0x7f5ea8e27086 bp 0x7ffde92b6d80 sp 0x7ffde92b6d78
READ of size 8 at 0x62e000060a68 thread T0
#0 0x7f5ea8e27085 in handle_ts1_write input/ipaccess.c:371
#1 0x7f5ea8e27085 in ipaccess_fd_cb input/ipaccess.c:391
#2 0x7f5ea9147ca8 in osmo_fd_disp_fds libosmocore/src/select.c:217
#3 0x7f5ea9147ca8 in osmo_select_main libosmocore/src/select.c:257
#4 0x555813ab79d6 in main osmo-bsc/osmo_bsc_main.c:922
#5 0x7f5ea76d02e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#6 0x555813ab84e9 in _start (/bin/osmo-bsc+0x34d4e9)
Fixes: OS#3495
Change-Id: If9e73a3251547625a2372d58f1d8b87210d9f312
|
|
Back-port from osmo-bsc.git 24f2f55132f7230e387aef85612dcd6fc59cebe5.
Change-Id: I134a3da3700381043bc93aed300ce4ec263e8698
|
|
Currently the force_realloc feature is turnd on and of in a
hardcoded way. This patch makes the option available via VTY.
Backport from osmo-mgw.git.
Change-Id: Ic8740512c5ea0766ff6ceb1c28b9c2b3fe46e75f
|
|
Change-Id: I83948ce626b924802d1963411a3f40c5fed24355
|
|
Change-Id: Ib5963e4d15a4a6b077d7a97fbbde6e5134c77e9a
|
|
We only send back if we had an error parsing the message locally. If we
receive an ERROR message from a bsc, we try to forward it if the ID is
valid, otherwise only log the received error description locally.
Related: OS#3394
Change-Id: I7b4d20aea7a16c4b4e5add7c274a4ed34a7f6b8d
|
|
In some cases id can be non-digit such as "err" for ERROR cmds generated
from parsing failures.
Change-Id: Ief0b203efbcf2be04253b5056840be94d58a9994
|
|
Instead of always logging/sending same error, use the new
ctrl_cmd_parse2 API which always returns a cmd structure with a specific
error description.
Change-Id: Ie111bec46b664768fe3c3feff906f91e8ee8b1d4
|
|
Instead of always logging/sending same error, use the new
ctrl_cmd_parse2 API which always returns a cmd structure with a specific
error description.
Change-Id: I6ef2b6e309632ed9cb296e8a1e71f879007a36ae
|
|
This command controls forward/drop of BSS paging messages from MSC to
all BSCs connected to BSC-NAT.
In situations in which MS don't generally roam from one BSC to another
under the BSC-NAT, it may be beneficial (bandwidth wise) to drop these
global paging commands, which are usually issued by the MSC if the
location of the MS isn't known and LAC paging has failed.
Change-Id: I737774543e0a8734d79b072e66e3c09e82b001d3
|
|
Previous to this commit, an error message was printed and the paging
message was dropped:
openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:618 Could not parse paging message: -3
Related: OS#3325
Change-Id: I3125ba0e67d2965c0be3089748dd113b1bf615af
|
|
Change-Id: Ib03681cf91550846af0d487c11cc90b6f700b340
|
|
Back-port from osmo-bsc.git 653bee7d02a1a1c827b54d235b644fec6a6f4683.
Change-Id: Id89febbd84beba8a0c083cbf83649bb4672684c4
|
|
Back-port from osmo-bsc.git d99182c01037f4dd14fb72b2b06497e0c1bebb49.
Change-Id: I0b951a9c3dbe245c3813fc91ceb9118a0de779b8
|
|
Back-port from osmo-bsc.git a0f1196eda79de0e838b29eb91d9f31839f2f447.
Change-Id: I519fb945a99206dff6c4aeb476d527e632b7e751
|
|
Previous state is harmless because the pointer is stored but not used in
that function. However, it's more clear this way.
Back-port from osmo-bsc.git 9ab47eb52da73d25c4f94869385a4f836032362a.
Change-Id: Ic17c38578587a774da29266302e7b201ecacd3a3
|
|
Other VTY commands already exist which provides each a subset of these
features, but while operating bsc-nat it became interesting to have all
this info easily reachable for a specific BSC.
Change-Id: I47bfd4fb800390505bdeb0f1d0bd1306fb888a59
|
|
Fixes following runtime warning:
libosmocore/src/rate_ctr.c:219 counter group 'nat:filter' already exists for index 0, instead using index 1. This is a software bug that needs fixing.
Change-Id: Ibe615379dc44a3a68cf9037630891ebf9b03a06d
|
|
The '.' is illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: I55470ae74d350e4020209921fd8a09b51b120a41
|
|
When ussd_read_cb calls bsc_nat_ussd_destroy the osmo_fd struct is
freed, so we need to indicate to osmo_wqueue_bfd_cb that it should not
continue using the fd pointer after we return.
Fixes following AddressSanitizer report:
<0015> osmo-bsc_nat/bsc_ussd.c:273 USSD Connection on 13 with IP: 1.2.3.4
<0015> osmo-bsc_nat/bsc_ussd.c:132 USSD Connection was lost.
=================================================================
==18118==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200047c4b4 at pc 0x7ffff6067540 bp 0x7fffffffe170 sp 0x7fffffffe168
READ of size 4 at 0x61200047c4b4 thread T0
#0 0x7ffff606753f in osmo_wqueue_bfd_cb libosmocore/src/write_queue.c:65
#1 0x7ffff605206b in osmo_fd_disp_fds libosmocore/src/select.c:217
#2 0x7ffff6052305 in osmo_select_main libosmocore/src/select.c:257
#3 0x421dfa in main osmo-bsc_nat/bsc_nat.c:1718
#4 0x7ffff47ffb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#5 0x406438 (/bin/osmo-bsc_nat+0x406438)
Change-Id: I35854c43524714d07f31d71c775ac1cd0a57d22e
|
|
Fixes: OS#3335
Change-Id: I847e84d5cc50619059cbae7a2c6471c60609aec6
|
|
Change-Id: Iad663d36d70196408806de664a39863f4d12238b
|
|
Change-Id: I4dbf97905749aa9379bc6b6b448953d8b1825545
|
|
Change-Id: I6a6fc3574630c0893797388bbbdeabe14572f988
|
|
Got this warning since my upgrade to gcc 8.1.0. Quick check tells me
it's probably a false positive, but let's fix the warning anyway.
openbsc/openbsc/src/libmsc/gsm_04_08.c: In function ‘gsm0408_dispatch’:
openbsc/openbsc/src/libmsc/gsm_04_08.c:1260:5: error: ‘res_len’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (res_len != 4) {
^
openbsc/openbsc/src/libmsc/gsm_04_08.c:1223:10: note: ‘res_len’ was declared here
uint8_t res_len;
^~~~~~~
Change-Id: Ifa45f73645c9ab022c18a012abe03214aa21526f
|
|
Fix a really silly bug I introduced recently (same commit in
osmo-bsc.git doesn't contain the issue).
Fixes: d05d05b2773a1dc96a51104034942d504f2b1166
Related: SYS#4254
Change-Id: I7bac2ce001d4a6dcea2a896af30edf84942b68de
|
|
Previous to this patch, if ipaccess_auth_bsc() failed finding the
requested auth token, it would call bsc_close_connection() on it.
However, it would not report callers that the bsc conn was closed.
Since ipaccess_auth_bsc is called in the following path:
[osmo_wqueue_bfd_cb->ipaccess_bsc_read_cb->forward_sccp_to_msc->ipaccess_auth_bsc]
It needs to notify the lower layers (wqueue) that the conn/osmo_fd has been
freed an it should avoid keep using/forwarding it again.
This patch fixes this issue by moving the conn closing one layer down
the stack (from ipaccess_auth_bsc to forward_sccp_to_msc), and in there
we now close the conn and provide required information to the callers.
Fixes following Asan report:
Unit_Name='foobar' <0015> openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1061 No bsc found for token 'foobar' len 6 on fd: 11.
=================================================================
==18946==ERROR: AddressSanitizer: heap-use-after-free on address 0x616001f8b81c at pc 0x7ffff6067540 bp 0x7fffffffe170 sp 0x7fffffffe168
READ of size 4 at 0x616001f8b81c thread T0
#0 0x7ffff606753f in osmo_wqueue_bfd_cb libosmocore/src/write_queue.c:65
#1 0x7ffff605206b in osmo_fd_disp_fds libosmocore/src/select.c:217
#2 0x7ffff6052305 in osmo_select_main libosmocore/src/select.c:257
#3 0x421c8e in main openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1714
#4 0x7ffff47ffb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#5 0x406438 (/bin/osmo-bsc_nat+0x406438)
Fixes: SYS#4250
Change-Id: Ifb39a045b98bc2043a98a9787fc61cbcddc368e0
|
|
This commit changes behaviour to a (imho) better logic and is a
preparation for follow-up commits to avoid heap-use-after-free error
when closing the bsc connection.
Previously, authentication would still not be accepted but the
connection would be staying alive for a while until id_timeout timer
triggers. Let's close the connection immediately instead, this way BSC
side can see quickly something is wrong with what it is sending.
Furthermore, this way the logic of the function is simplified: If auth
goes well, conn is alive. If auth goes wrong, conn is closed.
Change-Id: I972961b8967076c56c607f98c2360054144951e4
|
|
variable "parsed" was not being freed in this case. By calling exit2 we
make sure it is freed.
Change-Id: Ifd0c145ff733fdfb2f6fcb32065de99ee951d106
|
|
exit3 is the same as exit2 with the addition of calling
bsc_send_con_refuse(). Since exit3 path is only followed once, it's
easier to call bsc_send_con_refuse() on that code path and remove exit3
entirely in order to simplify the function.
Change-Id: I2ba0aeca1ee0fffd75019bfba37907f0b8015066
|
|
Change-Id: I1e98ef1dd410aa3e534666356a74590dac87b918
|
|
Change-Id: I91b18aeb8bdc2a1b392474318b1df1b4b1fee5a3
|
|
Fixes: 38a77d0098b21e14a42a91fd83bc8179b2978555
Change-Id: Iedf45a787d5e684b2f199e8e947da434fe75cf05
|
|
Change-Id: I2c0db366caef5632d4e04feeda1f83e79a58995f
|
|
Change-Id: I51bb656b5fef3247edc63477f391c954c4b28f56
|
|
When ipaccess_bsc_read_cb calls bsc_close_connection, the osmo_fd
struct is freed, so we need to indicate to osmo_wqueue_bfd_cb that it
should not continue using the fd pointer after we return.
Fixes following AdressSanitizer report:
<0015> openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1317 The connection to the BSC Nr: -1 was lost. Cleaning it
=================================================================
==27028==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000c521c at pc 0x7ffff606b056 bp 0x7fffffffe170 sp 0x7fffffffe168
READ of size 4 at 0x6160000c521c thread T0
#0 0x7ffff606b055 in osmo_wqueue_bfd_cb libosmocore/src/write_queue.c:65
#1 0x7ffff6055c3b in osmo_fd_disp_fds libosmocore/src/select.c:217
#2 0x7ffff6055ed5 in osmo_select_main libosmocore/src/select.c:257
#3 0x421c82 in main openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1713
#4 0x7ffff4803b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#5 0x406438 (/bin/osmo-bsc_nat+0x406438)
Fixes: OS#3300
Change-Id: I120f646601bd4275b9088d0d73000ce04564bc6b
|
|
Right now, it's impossible to see any ACC Ramping information unless RSL
category is set to DEBUG. Barring and Allowing Access Control Class is
an important event which should be printed in most cases.
Increase log levels of messages printed during some error conditions to
be handled as errors.
Backport of osmo-bsc.git commit
67f20bc356a4908bdb71b5dfc6a1932e6c1fac68.
Change-Id: Iec10c2be7aa5efeadd6b0706916678acc5461111
|
|
Older ones are being deprecated as they may generate interleaved
packets.
Depends on libosmo-netif.git Change-Id I4e05ff141eb4041128ae77812bbcfe84ed4c02de.
Change-Id: I189564fc63139c15314db8975afd423c7153ea32
|
|
Backport from osmo-bsc.git Change-Id I7a5e5d26f250f954853c12cfd4de08fed68c178e.
Change-Id: Id2ed51eed42e9fd9c91d257c245f7bce8d568f3a
|
|
Backport from osmo-msc Change-Id Iaf0d251c8d2912266a087ada4d20905146e08592.
Fixes following error catched by enabling address sanitizer:
==20792==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000122610 at pc 0x7f9c9c3fe063 bp 0x7ffd2e68f600 sp 0x7ffd2e68edb0
READ of size 11 at 0x60b000122610 thread T0
#0 0x7f9c9c3fe062 (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x3c062)
#1 0x7f9c9beb8ee4 in talloc_strdup (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x6ee4)
#2 0x56096a7cf75b in smpp_smsc_conf src/libmsc/smpp_smsc.c:983
#3 0x56096a7cf9df in smpp_smsc_start src/libmsc/smpp_smsc.c:1015
#4 0x56096a7d4935 in smpp_openbsc_start src/libmsc/smpp_openbsc.c:785
#5 0x56096a755ad0 in main src/osmo-msc/msc_main.c:598
#6 0x7f9c9927b2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#7 0x56096a756979 in _start (/home/jenkins/workspace/osmo-gsm-tester_run-prod/trial-805/inst/osmo-msc/bin/osmo-msc+0xf0979)
Related: OS#3181
Change-Id: Ifce107dc5f0971d7580b7adc09f05e334792bace
|
|
Default usage values are defined in mgcp node, and can be per-BSC
overriden on each bsc node.
Change-Id: Ibf3932adc07442fb5e9c7a06404853f9d0a20959
|
|
Take both the operative and administrative states into account
when deciding whether to start ACC ramping, and examine old/new
state values to avoid triggering ramping for a no-op state change.
This requires a fix to gsm_trx_lock_rf(): This function overwrote
the old administrative state of a trx before enqueuing a state
change request towards the BTS.
The BTS will confirm this request with an ACK, at which time a
signal is generated which the ACC ramp code listens to. We must
not overwrite the old state value until the signal has been handled,
otherwise the signal handler cannot tell what the old state was.
Tested with a virtphy setup, nanobts, and osmo-bts.
This is a port of osmo-bsc commit cda994edb20d24032d6ab4e916d0e9411671cfc0
Change-Id: I235d2c5fa962f2f338e77d0c11502921b37f4c36
Related: OS#2591
|
|
Starting an ACC ramping process while TRX 0 is unusable or locked is
pointless. For instance, after loading a config with 'rf_locked 1'
for trx 0, the ramping process was started as soon as the BTS
established RSL, even though the air interface was still down.
ACC ramping should instead be triggered once TRX 0 is unlocked.
This is a port of osmo-bsc commit 4d3d2436cdf3296ddc110be4022dc2ec13d3eb86
Related: OS#2591
Change-Id: I2cc9c1b8193546ea04ea5beb3751c2206f0215f2
|